We have a multi tenant application, so, we can have 1 or many SAML SSO Configurations for the same application.Our application is acting as LocalServiceProvider and we can have multiple PartnerIdentityProviders
I would like to know which is the best way to identify which configuration should i load when i receive the response in the AssertionConsumerURL. I was trying to add a queryparam to the URL, but that is not quite working good with some of the IDPs.
I was thinking i can loop over all the configurations and call the SAMLController.ReceiveSSO inside try catch until i got a valid response.
My question is...If i do that loop, could i Receive an SSO response not initiated by me? i mean... other application user located in other computer is trying to do SSO Login and both did the request at the same time, so, if i do that loop, is there a chance i can Receive the SSO Response from the other user?
If yes, and my workaround is not working... What other way can you suggest to me in order to identify which configuration should i load before calling SAMLController.ReceiveSSO?